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WHAT IS CLAIMED IS: 

1. A method for managing a security policy for one or more users in a network, 
comprising: 

a) running a policy management program on a computer in communication 

with the network; 

b) enabling creation of a security policy document using the policy 

management program; 

c) enabling the one or more users on the network to view the security policy 

document; and 

d) receiving electronic data relevant to user viewing of the security policy 

document using the policy management program. 

2. The method of claim 1, further comprising verifying a degree of user compliance 
with the security policy by using the policy management program to assess the received 
data. 

3. The method of claim 2, wherein the received data includes a timestamp denoting 
the time a user acknowledges viewing of the security policy document. 

4. The method of claim 2, wherein the received data includes quiz results indicative 
of the user comprehension of the viewed security policy document. 

5. The method of claim 1, wherein enabling the creation of the security policy 
document comprises enabling selection of security policies from a set of options. 

6. The method of claim 5, wherein the security policies selected from the set of 
options reside in a library in communication with the policy management program. 

7. The method of claim 1, wherein enabling the users on the network to view the 
security policy document comprises enabling pre-selection of a group of users to view the 
security policy document. 
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8. The method of claim 1, further comprising electronically providing a quiz to 
assess user comprehension of the viewed security policy document. 

9. The method of claim 1, wherein enabling the creation of the security policy 
document further comprises enabling creation of a quiz associated with the security 
policy document. 

10. The method of claim 8, wherein the received data includes user responses to the 
quiz. 

11. A method for managing a security policy for one or more first computers in a 
network, comprising: 

a) running a software program on a second computer in communication with 

the network; 

b) enabling creation of a security policy document using the software 

program by enabling selection of security policies from a set of 
options; and 

c) automatically configuring the security policy document to provide one or 

more technical controls for implementing the security policy on at 
least one first computer. 

12. The method of claim 11, wherein the security policies selected from the set of 
options reside in a library in communication with the software program. 

13. The method of claim 11, wherein two of the first computers operate in accordance 
with different operating systems. 

14. The method of claim 11, wherein the technical controls comprise a format 
interpretable by at least one first computer. 
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15. The method of claim 11, wherein the security policy document is represented by a 
markup language. 

16. The method of claim 11, further comprising distributing detect rules to at least 
one first computer. 

17. The method of claim 16, further comprising electronically notifying an 
administrator when at least one first computer is out of compliance. 

18. The method of claim 1 1, further comprising distributing the one or more technical 
controls to at least one first computer. 

19. The method of claim 18, further comprising running a second software program 
on at least one first computer to allow at least one first computer to interpret the 
distributed technical controls. 

20. The method of claim 19, wherein the second software program uses 
metacommands to convert the technical controls into instructions interpretable by an 
operating system running on at least one first computer. 

21. The method of claim 11, further comprising receiving data relevant to compliance 
of at least one first computer with the one or more technical controls using the software 
program. 

22. The method of claim 21, further comprising assessing the received data using a 
third software program. 

23. The method of claim 22, wherein the third software program comprises a security 
management program. 
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24. The method of claim 21, further comprising verifying a degree of compliance of 
at least one first computer with the one or more technical controls by using the software 
program to assess the received data. 

25. The method of claim 24, wherein the received data comprises compliance score 
data. 

26. A method for managing a security policy for one or more users and one or more 
first computers in a network, comprising: 

a) running a software program on a second computer in communication with 

the network; 

b) creating a security policy document using the software program; and 

c) automatically configuring the security policy document to create (i) a 

human-readable security policy document, and (ii) a machine-readable 
security policy document containing technical controls readable by at 
least one first computer. 

27. The method of claim 26, further comprising allowing the users to view the 
human-readable security policy document via the network. 

28. The method of claim 27, wherein allowing the users to view the human-readable 
security policy document comprises pre-selecting a group of users to view the security 
policy document. 

29. The method of claim 27, further comprising electronically receiving data relevant 
to user viewing of the security policy document. 

30. The method of claim 29, wherein the received data includes a timestamp denoting 
the time a user acknowledged viewing the security policy. 
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31. The method of claim 29, further comprising verifying a degree of user compliance 
with the security policy by using the software program to assess the received data. 

32. The method of claim 3 1 , wherein the received data includes quiz results indicative 
of the user comprehension of the viewed security policy document. 

33. The method of claim 26, wherein creating the security policy document comprises 
selecting security policies from a set of options. 

34. The method of claim 33, wherein the security policies selected from the set of 
options reside in a library in communication with the software program. 

35. The method of claim 26, wherein the human-readable security policy document 
includes a quiz to test user comprehension of the security policy document. 

36. The method of claim 26, further comprising electronically providing a quiz to 
assess user comprehension of the viewed security policy document. 

37. The method of claim 26, wherein enabling the creation of the security policy 
document further comprises enabling creation of a quiz associated with the security 
policy document. 

38. The method of claim 26, further comprising distributing the machine-readable 
security policy document to at least one first computer to implement the security 
technical controls thereon. 

39. The method of claim 38, further comprising running a second software program 
on at least one first computer to allow at least one first computer to interpret the 
distributed technical controls. 
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40. The method of claim 39, wherein the second software program uses 
metacommands to convert the technical controls into instructions interpretable by an 
operating system running on at least one first computer. 

41 . The method of claim 38, further comprising receiving data relevant to compliance 
of at least one first computer with the technical controls using the software program. 

42. The method of claim 41, further comprising assessing the received data using a 
third software program. 

43. The method of claim 42, wherein the third software program comprises a security 
management program. 

44. The method of claim 41, further comprising verifying a degree of compliance of 
at least one first computer with the technical controls by using the software program to 
assess the received data. 

45. The method of claim 44, wherein the received data comprises compliance score 
data. 

46. The method of claim 26, wherein two of the first computers operate in accordance 
with different operating systems. 

47. The method of claim 26, wherein the technical controls comprise a format 
interpretable by at least one first computer. 

48. The method of claim 47, wherein the security policy documents is represented by 
a markup language. 

49. The method of claim 26, further comprising distributing detect rules to at least 
one first computer. 
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50. The method of claim 49, further comprising electronically notifying an 
administrator when at least one first computer is out of compliance. 

51. A system for managing a security policy for one or more users and for one or 
more first computers in a network, comprising: 

a) a first device containing a first program for creating a security policy 

document in both human-readable and machine-readable formats; and 

b) a second device in communication with the first device and containing a 

second program for monitoring the security compliance of at least one 
first computer; 

wherein at least one first computer contains a third program for receiving the 
machine-readable format of the security policy document. 



H 454759(9QW701' DOC) 



37 of 38 



